* Heikki Linnakangas (hlinn...@iki.fi) wrote:
> I'm not sure how expensive a brute force attack on SRP would be,
> using a stolen backup tape. There doesn't seem to be an iterations
> count similar to SCRAM. But note that SRP's resistance to
> brute-forcing the authentication handshake is of a different kind.
> It's not just expensive, but outright impossible. (Don't ask me how
> that works; I'm not well-versed in the maths involved.) That's a big
> advantage because it means that it's OK to use a fairly weak
> password like 'foobar123' that would be trivially cracked with a
> dictionary attack.

If it's actually impossible then that's certainly interesting.. I don't
get how that's possible, but ok.

> (You can still connect to the server and try
> different passwords, but the server can log that and throttle how
> many guesses / minute it lets you do)

Wouldn't that be nice... Wish we did it. :(

Thanks,

Stephen
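Added example, mine rather than code from the thread or from PostgreSQL: the SCRAM-SHA-256 derivation of RFC 5802/7677, showing where the iteration count sets the cost of testing one password guess against a verifier copied from a backup (the concern raised above) and why the server can check a client proof while storing only StoredKey. The salt, password and AuthMessage values are constructed.

```python
import hashlib
import hmac

# Added example, not code from the thread or from PostgreSQL. It walks through the
# SCRAM-SHA-256 derivation of RFC 5802/7677 to show (a) where the iteration count
# enters the cost of testing one guess against a stolen verifier and (b) why the
# server can check a client proof while storing only StoredKey, never ClientKey.

def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))

def _keys(password: bytes, salt: bytes, iterations: int):
    # SaltedPassword := Hi(password, salt, i); Hi is PBKDF2-HMAC-SHA-256 with i rounds
    salted = hashlib.pbkdf2_hmac("sha256", password, salt, iterations)
    client_key = hmac.new(salted, b"Client Key", hashlib.sha256).digest()
    server_key = hmac.new(salted, b"Server Key", hashlib.sha256).digest()
    return client_key, server_key

def scram_verifier(password: bytes, salt: bytes, iterations: int) -> dict:
    """What the server stores per user: salt, i, StoredKey = H(ClientKey), ServerKey."""
    client_key, server_key = _keys(password, salt, iterations)
    return {"salt": salt, "iterations": iterations,
            "stored_key": hashlib.sha256(client_key).digest(),
            "server_key": server_key}

def client_proof(password: bytes, verifier: dict, auth_message: bytes) -> bytes:
    """ClientProof = ClientKey XOR HMAC(StoredKey, AuthMessage); needs the password."""
    client_key, _ = _keys(password, verifier["salt"], verifier["iterations"])
    stored_key = hashlib.sha256(client_key).digest()
    signature = hmac.new(stored_key, auth_message, hashlib.sha256).digest()
    return _xor(client_key, signature)

def server_accepts(verifier: dict, auth_message: bytes, proof: bytes) -> bool:
    """Recover ClientKey from the proof and check H(ClientKey) == StoredKey. Someone
    who only copied StoredKey from a backup cannot forge a proof: that needs ClientKey."""
    signature = hmac.new(verifier["stored_key"], auth_message, hashlib.sha256).digest()
    recovered_client_key = _xor(proof, signature)
    return hmac.compare_digest(hashlib.sha256(recovered_client_key).digest(),
                               verifier["stored_key"])

def guess_cost_in_hmacs(verifier: dict) -> int:
    """HMAC-SHA-256 calls needed to test one candidate password against a stolen
    verifier: i PBKDF2 rounds plus one for ClientKey (the final H() is a bare SHA-256).
    This is the knob the thread notes SRP lacks; raising i raises the offline cost."""
    return verifier["iterations"] + 1
```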